WhatsApp to Roll Out Two-Step Verification Feature

WhatsApp has announced its plans to make a new two-step verification (2SV) feature available to all of its more than one billion active monthly users.

2SV is an optional security mechanism that adds another step (not factor) to a web service’s login process beyond entering in a username and password. As a result, the feature helps to protect users’ accounts in the event they are compromised by malicious actors.

Most of us already know about 2SV via Google, Facebook, and other web services that offer the feature. Those implementations generally send users a one-time 6-digit code to a verified mobile device. Users must then correctly enter that code into a text field after submitting their login credentials to gain access to their accounts.

WhatsApp is doing something a bit different.

Members who set up 2SV on their accounts create a static 6-digit code that they must enter every time they wish to verify their phone number on WhatsApp. They will also need to remember that code for when they wish to set up their WhatsApp account on a new device.

WhatsApp has planned for that contingency. First, it will ask users to re-enter their code periodically to help them remember it. Second, the end-to-end encrypted messaging app has created a recovery option just in case users still forget their codes.

“Upon enabling this feature, you can also optionally enter your email address. This email address will allow WhatsApp to send you a link via email to disable two-step verification in case you ever forget your six-digit passcode, and also to help safeguard your account. We do not verify this email address to confirm its accuracy. We highly recommend you provide an accurate email address so that you’re not locked out of your account if you forget your passcode.”

At this time, 2SV is available only on a testing version of the messaging app, though the company intends to eventually roll out the feature to all of its users.